Several remote vulnerabilities have been discovered in the Iceweasel web
browser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following problems:

moz_bug_r_a4 discovered that the session-restore feature does not
properly sanitise input leading to arbitrary injections. This issue
could be used to perform an XSS attack or run arbitrary JavaScript
with chrome privileges. (MFSA 2008-69)

For the stable distribution (etch) these problems have been fixed in
version 2.0.0.19-0etch1.

For the testing distribution (lenny) and the unstable distribution (sid)
these problems have been fixed in version 3.0.5-1. Please note iceweasel
in Lenny links dynamically against xulrunner.